Burning Board

burning_board

Vendor: Woltlab • 31 CVEs

CVEs (31)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-7192 1Woltlab 1Burning Board Apr 23, 2026 Sep 9, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, and possibly other 3.x versions, allows remote attackers to hijack the authentication of users for requests that delete p...Show more Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, and possibly other 3.x versions, allows remote attackers to hijack the authentication of users for requests that delete private messages via the pmID parameter in a delete action in a PM page, a different vulnerability than CVE-2008-0472.Show less
CVE-2008-1717 1Woltlab 1Burning Board Apr 23, 2026 Apr 9, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a v...Show more WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.Show less
CVE-2008-1716 1Woltlab 1Burning Board Apr 23, 2026 Apr 9, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters,...Show more Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message.Show less
CVE-2008-0857 1Woltlab 1Burning Board Apr 23, 2026 Feb 21, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.
CVE-2008-0472 1Woltlab 1Burning Board Apr 23, 2026 Jan 29, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a thread_del action.
CVE-2007-1518 1Woltlab 1Burning Board Apr 23, 2026 Mar 20, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array.
CVE-2007-1443 1Woltlab 2Burning Board Burning Board Lite Apr 23, 2026 Mar 14, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_userna...Show more Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters. NOTE: a third-party researcher has disputed some of these vectors, stating that only the r_dateformat and r_timeformat parameters in Burning Board 2.3.6 are affected.Show less
CVE-2007-0388 1Woltlab 1Burning Board Apr 23, 2026 Jan 19, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other...Show more SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.Show less
CVE-2006-5029 1Woltlab 1Burning Board Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL...Show more SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4.Show less
CVE-2006-4317 1Woltlab 1Burning Board Apr 16, 2026 Aug 24, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript.
CVE-2006-3256 1Woltlab 1Burning Board Apr 16, 2026 Jun 28, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
CVE-2006-3255 1Woltlab 1Burning Board Apr 16, 2026 Jun 28, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
CVE-2006-3254 1Woltlab 1Burning Board Apr 16, 2026 Jun 28, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
CVE-2006-3220 1Woltlab 1Burning Board Apr 16, 2026 Jun 24, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2006-3219 1Woltlab 1Burning Board Apr 16, 2026 Jun 24, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter.
CVE-2006-3218 1Woltlab 1Burning Board Apr 16, 2026 Jun 24, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-2006-2792 1Woltlab 1Burning Board Apr 16, 2026 Jun 3, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2006-2569 24r Linklist Woltlab 24r Linklist Burning Board Apr 16, 2026 May 24, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2006-1324 1Woltlab 1Burning Board Apr 16, 2026 Mar 21, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is ge...Show more Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.Show less
CVE-2006-1215 1Woltlab 1Burning Board Apr 16, 2026 Mar 14, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a...Show more Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS.Show less

12 Next